
win32/kryptik.bak

Peca
Visitor
Posts: 5
Registered: 14 Feb 2012 16:26

win32/kryptik.bak

#1 Post by Peca »

Hello,
yesterday NOD32 found the virus win32/kryptik.bak on my machine. It required a restart in order to delete it, and since then the notebook always crashes into a BSOD after a normal system start; it only works in Safe Mode.

Thanks in advance for any advice.

Log:

Logfile of random's system information tool 1.09 (written by random/random)
Run by Honza at 2012-02-14 17:37:05
WIN_7 Service Pack 1
System drive C: has 53 GB (11%) free of 464 GB
Total RAM: 4007 MB (86% free)

HijackThis download failed

======Listing Processes======


======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
C:\Windows\tasks\SystemToolsDailyTest.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-01-03 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre6\bin\ssv.dll [2012-01-10 325408]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2012-01-10 42272]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcWin7Hlpr]
C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe [2011-10-20 33344]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-01-02 843712]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2012-01-03 37296]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5.5ServiceManager]
C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe -launchedbylogin []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ALCKRESI.EXE]
C:\Program Files\Lenovo\AutoLock\ALCKRESI.EXE [2011-09-27 386408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Crystal Internet Meter]
C:\=PROGRAMY=\Crystal Internet Meter\cimeter.exe [2002-09-04 2221568]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\=PROGRAMY=\DAEMON Tools Lite\DTLite.exe [2011-08-02 4910912]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EADM]
C:\=PROGRAMY=\Origin\Origin.exe [2012-01-12 28201096]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\egui]
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2011-09-08 4030008]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ForteConfig]
C:\Program Files\Conexant\ForteConfig\fmapp.exe [2010-10-26 49056]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
C:\Windows\system32\hkcmd.exe [2011-08-09 392472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
C:\=PROGRAMY=\ICQ 7.6\ICQ7.6\ICQ.exe silent loginmode=4 []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
C:\Windows\system32\igfxtray.exe [2011-08-09 167704]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelPAN]
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [2011-07-27 1935120]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lenovo Registration]
C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe [2011-07-14 4351712]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LENOVO.TPKNRRES]
C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [2011-07-22 42344]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
C:\=PROGRAMY=\Hamachi\hamachi-2-ui.exe --auto-start []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OscarEditor]
C:\Program Files (x86)\OSCAR Editor X7\\OscarEditor.exe Minimum []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
C:\Windows\system32\igfxpers.exe [2011-08-09 416024]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PSQLLauncher]
C:\Program Files\ThinkVantage Fingerprint Software\launcher.exe [2011-07-14 85832]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWMTRV]
rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RotateImage]
C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [2008-10-30 55808]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files (x86)\Skype\Phone\Skype.exe [2011-10-13 17351304]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmartAudio]
C:\Program Files\CONEXANT\SAII\SAIICpl.exe [2011-04-26 310912]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2011-10-16 343168]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2011-06-09 254696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2011-09-30 2832168]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPFanControl]
C:\Program Files\TPFanControl\TPFanControl.exe [2011-12-13 155136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TpShocks]
C:\Windows\SYSTEM32\TpShocks.exe [2011-03-29 380776]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
C:\PROGRA~1\ThinkPad\BLUETO~1\BTTray.exe [2011-10-17 1213216]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Honza^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
C:\Users\Honza\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-09-02 24183152]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\SYSTEM32\igfxdev.dll [2011-08-09 390144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\psfus]
C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll [2011-07-14 136008]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll
ACGina

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableCAD"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"VIDC.FPS1"=frapsv64.dll
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2012-02-14 06:14:53 ----A---- C:\tvtpktfilter.dat
2012-02-13 21:45:15 ----D---- C:\rsit
2012-02-13 21:45:15 ----D---- C:\Program Files\trend micro
2012-02-13 20:40:21 ----D---- C:\ProgramData\Spybot - Search & Destroy
2012-02-13 20:40:21 ----D---- C:\Program Files (x86)\Spybot - Search & Destroy
2012-02-13 14:28:17 ----D---- C:\Windows\pss
2012-02-13 14:23:50 ----A---- C:\Windows\ntbtlog.txt
2012-02-07 18:12:23 ----D---- C:\Program Files\TPFanControl
2012-02-07 18:12:23 ----A---- C:\Windows\system32\drivers\TVicPort64.sys
2012-02-05 15:44:02 ----D---- C:\Users\Honza\AppData\Roaming\Nokia
2012-02-05 15:44:01 ----D---- C:\ProgramData\PC Suite
2012-02-05 15:43:56 ----D---- C:\Users\Honza\AppData\Roaming\PC Suite
2012-02-05 15:43:10 ----D---- C:\ProgramData\Nokia
2012-02-05 15:42:38 ----A---- C:\Windows\system32\drivers\pccsmcfdx64.sys
2012-02-05 15:42:36 ----DC---- C:\Windows\system32\DRVSTORE
2012-02-05 15:42:24 ----D---- C:\Program Files (x86)\PC Connectivity Solution
2012-02-05 15:42:09 ----A---- C:\Windows\system32\nmwcdclsX64.dll
2012-02-05 15:41:13 ----D---- C:\ProgramData\NokiaInstallerCache
2012-02-05 15:41:13 ----D---- C:\Program Files (x86)\Nokia
2012-02-02 20:37:06 ----A---- C:\Windows\SYSWOW64\Access.dat
2012-02-02 20:22:38 ----D---- C:\Users\Honza\AppData\Roaming\Tunngle
2012-02-02 20:22:38 ----D---- C:\ProgramData\Tunngle
2012-02-02 20:22:36 ----A---- C:\Windows\system32\drivers\tap0901t.sys
2012-01-16 15:31:04 ----D---- C:\FPC

======List of files/folders modified in the last 1 month======

2012-02-15 01:01:42 ----D---- C:\swshare
2012-02-14 16:51:37 ----D---- C:\Windows\Temp
2012-02-14 16:50:36 ----D---- C:\Windows\Minidump
2012-02-14 16:50:31 ----D---- C:\Windows
2012-02-13 21:45:15 ----RD---- C:\Program Files
2012-02-13 21:08:47 ----D---- C:\Windows\system32\drivers\etc
2012-02-13 20:40:21 ----RD---- C:\Program Files (x86)
2012-02-13 20:40:21 ----HD---- C:\ProgramData
2012-02-13 14:25:55 ----RD---- C:\=INSTALAČKY=
2012-02-13 14:14:54 ----D---- C:\Windows\Prefetch
2012-02-13 14:11:01 ----D---- C:\Windows\system32\config
2012-02-13 14:09:44 ----A---- C:\Windows\SYSWOW64\log.txt
2012-02-13 14:07:57 ----D---- C:\Users\Honza\AppData\Roaming\Dropbox
2012-02-13 14:00:57 ----D---- C:\Users\Honza\AppData\Roaming\Skype
2012-02-12 19:56:04 ----SHD---- C:\Config.Msi
2012-02-12 18:45:14 ----D---- C:\Windows\SysWOW64
2012-02-12 18:45:10 ----A---- C:\Windows\SYSWOW64\PnkBstrB.exe
2012-02-12 17:46:57 ----D---- C:\=HRY=
2012-02-12 17:46:54 ----D---- C:\Windows\system32\drivers
2012-02-12 17:46:54 ----D---- C:\Windows\System32
2012-02-12 10:39:53 ----SHD---- C:\Windows\Installer
2012-02-12 10:39:53 ----D---- C:\Program Files (x86)\Common Files
2012-02-12 10:39:52 ----D---- C:\Program Files (x86)\Adobe
2012-02-12 10:38:39 ----SHD---- C:\System Volume Information
2012-02-12 10:28:33 ----D---- C:\Windows\system32\Tasks
2012-02-12 10:28:28 ----D---- C:\ProgramData\Adobe
2012-02-12 10:25:03 ----D---- C:\Program Files\Common Files
2012-02-09 21:28:14 ----RSD---- C:\Windows\assembly
2012-02-09 21:27:42 ----RSD---- C:\Windows\Media
2012-02-09 21:27:31 ----D---- C:\Windows\system32\catroot
2012-02-07 18:12:39 ----D---- C:\Users\Honza\AppData\Roaming\SoftGrid Client
2012-02-07 18:12:23 ----D---- C:\Windows\system
2012-02-06 21:30:39 ----D---- C:\Users\Honza\AppData\Roaming\Opera
2012-02-05 15:50:37 ----D---- C:\Windows\ModemLogs
2012-02-05 15:47:11 ----D---- C:\Windows\system32\drivers\UMDF
2012-02-05 15:47:10 ----D---- C:\Windows\inf
2012-02-05 15:44:13 ----D---- C:\Windows\winsxs
2012-02-05 15:42:38 ----D---- C:\Program Files\DIFX
2012-02-05 15:42:37 ----D---- C:\Windows\system32\DriverStore
2012-02-02 21:31:28 ----D---- C:\=PROGRAMY=
2012-02-02 20:25:35 ----D---- C:\Program Files (x86)\Battlelog Web Plugins
2012-02-02 20:22:36 ----RSD---- C:\Windows\Fonts
2012-02-02 10:37:52 ----A---- C:\Windows\system32\PerfStringBackup.INI
2012-01-31 19:55:29 ----D---- C:\sem
2012-01-30 15:43:43 ----D---- C:\Windows\Tasks
2012-01-29 12:22:55 ----D---- C:\ProgramData\Ubisoft
2012-01-29 12:07:03 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2012-01-29 12:07:03 ----D---- C:\Program Files (x86)\Ubisoft
2012-01-29 12:07:01 ----D---- C:\Windows\system32\catroot2
2012-01-28 15:32:48 ----D---- C:\Users\Honza\AppData\Roaming\Ubisoft
2012-01-27 17:48:18 ----D---- C:\ProgramData\PCDr
2012-01-27 00:52:58 ----N---- C:\Windows\system32\MpSigStub.exe
2012-01-26 21:23:08 ----D---- C:\Program Files (x86)\Opera
2012-01-25 22:16:21 ----SD---- C:\Users\Honza\AppData\Roaming\Microsoft
2012-01-25 17:28:15 ----D---- C:\Windows\Microsoft.NET
2012-01-22 14:02:54 ----A---- C:\Windows\SYSWOW64\PnkBstrA.exe
2012-01-19 20:32:19 ----D---- C:\Program Files (x86)\Google
2012-01-16 11:41:36 ----D---- C:\Program Files (x86)\DOSBox-0.74
2012-01-16 11:37:35 ----D---- C:\Users\Honza\AppData\Roaming\FileZilla
2012-01-15 19:46:29 ----D---- C:\ACRV

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2010-11-05 438808]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R0 Shockprf;Shockprf; C:\Windows\System32\DRIVERS\Apsx64.sys [2011-03-30 139888]
R0 TPDIGIMN;TPDIGIMN; C:\Windows\System32\DRIVERS\ApsHM64.sys [2011-03-30 23664]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2011-10-09 270912]
R1 PHCORE;PHCORE; \??\C:\Program Files\Lenovo\RapidBoot\PHCORE64.SYS [2011-07-08 32104]
R2 risdxc;risdxc; C:\Windows\system32\DRIVERS\risdxc64.sys [2011-05-25 101888]
R3 Amusbprt;USB HID-compliant Mouse Driver; C:\Windows\system32\DRIVERS\Amusbx64.sys [2008-02-13 17920]
R3 IBMPMDRV;IBMPMDRV; C:\Windows\system32\DRIVERS\ibmpmdrv.sys [2011-08-11 39024]
R3 MEIx64;Intel(R) Management Engine Interface; C:\Windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2011-09-30 393264]
S1 Amfilter;Compatible Mouse Filter Driver; C:\Windows\system32\DRIVERS\Amfltx64.sys [2007-10-15 12288]
S1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2011-08-04 146432]
S1 lenovo.smi;Lenovo System Interface Driver; C:\Windows\system32\DRIVERS\smiifx64.sys [2010-09-07 15472]
S1 TPPWRIF;TPPWRIF; C:\Windows\System32\drivers\Tppwr64v.sys [2011-12-01 14960]
S1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 cpuz135;cpuz135; \??\C:\Windows\system32\drivers\cpuz135_x64.sys [2010-11-09 21992]
S2 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2011-08-09 202576]
S2 epfwwfpr;epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [2011-08-04 137144]
S2 smihlp2;SMI Helper Driver (smihlp2); \??\C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [2011-05-30 13128]
S2 TVicPort64;TVicPort64; C:\Windows\system32\drivers\TVicPort64.sys [2006-10-13 16080]
S3 5U877;USB Video Device; C:\Windows\system32\DRIVERS\5U877.sys [2011-03-05 166016]
S3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2011-05-12 9319424]
S3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2011-05-11 304128]
S3 AMPPAL;Virtuální adaptér Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed; C:\Windows\system32\DRIVERS\AMPPAL.sys [2011-08-08 299008]
S3 AMPPALP;Protokol Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed; C:\Windows\system32\DRIVERS\amppal.sys [2011-08-08 299008]
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 41984]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2011-04-28 552960]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 80384]
S3 BTWAMPFL;btwampfl; C:\Windows\system32\DRIVERS\btwampfl.sys [2011-10-17 437288]
S3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2011-10-17 146984]
S3 btwavdt;Bluetooth AVDT; C:\Windows\system32\DRIVERS\btwavdt.sys [2011-10-17 164392]
S3 btwl2cap;Bluetooth L2CAP Service; C:\Windows\system32\DRIVERS\btwl2cap.sys [2011-10-17 39976]
S3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2011-10-17 21544]
S3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\CHDRT64.sys [2011-03-24 1576064]
S3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2009-03-18 33856]
S3 IntcDAud;Intel(R) Display Audio; C:\Windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 317440]
S3 intelkmd;intelkmd; C:\Windows\system32\DRIVERS\igdpmd64.sys [2011-08-09 12289472]
S3 NETwNs64;___ Ovladač adaptéru řady Intel(R) Wireless WiFi Link 5000 pro systém Windows 7 64 Bit; C:\Windows\system32\DRIVERS\NETwNs64.sys [2011-08-03 8604672]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfdx64.sys [2008-08-28 25600]
S3 PCDSRVC{127174DC-C366ED8B-06020200}_0;PCDSRVC{127174DC-C366ED8B-06020200}_0 - PCDR Kernel Mode Service Helper Driver; \??\c:\program files\pc-doctor\pcdsrvc_x64.pkms [2011-06-27 25584]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 psadd;Lenovo Parties Service Access Device Driver; C:\Windows\system32\DRIVERS\psadd.sys [2011-10-09 40512]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
S3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
S3 Sftfs;Sftfs; C:\Windows\system32\DRIVERS\Sftfslh.sys [2009-12-02 721768]
S3 Sftplay;Sftplay; C:\Windows\system32\DRIVERS\Sftplaylh.sys [2009-12-02 269672]
S3 Sftredir;Sftredir; C:\Windows\system32\DRIVERS\Sftredirlh.sys [2009-12-02 25960]
S3 Sftvol;Sftvol; C:\Windows\system32\DRIVERS\Sftvollh.sys [2009-12-02 22376]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle); C:\Windows\system32\DRIVERS\tap0901t.sys [2009-09-16 31232]
S3 TPM;TPM; C:\Windows\system32\drivers\tpm.sys [2009-07-14 38400]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 wdkmd;Intel WiDi KMD; C:\Windows\system32\DRIVERS\WDKMD.sys [2011-04-08 42392]
S4 RsFx0105;RsFx0105 Driver; C:\Windows\system32\DRIVERS\RsFx0105.sys [2011-09-22 311144]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

S2 PnkBstrA;PnkBstrA; C:\Windows\syswow64\PnkBstrA.exe [2012-01-22 76888]
S2 SAService;Conexant SmartAudio service; C:\Windows\system32\SAsrv.exe []
S2 SBSDWSCService;SBSD Security Center Service; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 TPHDEXLGSVC;ThinkPad HDD APS Logging Service; C:\Windows\System32\TPHDEXLG64.exe [2011-03-30 47728]
S4 AcPrfMgrSvc;AcPrfMgrSvc; C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe [2011-10-20 134208]
S4 AcSvc;AcSvc; C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe [2011-10-20 269376]
S4 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2011-05-11 203264]
S4 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service; C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-08-08 1166848]
S4 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2010-03-19 44376]
S4 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service; C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-06-03 134928]
S4 btwdins;Bluetooth Service; C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe [2011-10-17 970016]
S4 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S4 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S4 cvhsvc;Client Virtualization Handler; C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-02-28 821664]
S4 CxAudMsg;@C:\Windows\system32\CxAudMsg64.exe,-100; C:\Windows\system32\CxAudMsg64.exe [2010-12-16 198784]
S4 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2011-09-08 974944]
S4 EvtEng;Intel(R) PROSet/Wireless Event Log; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [2011-07-27 1517328]
S4 gupdate;Google Update Service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-09-03 136176]
S4 gupdatem;Google Update Service (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-09-03 136176]
S4 HyperW7Svc;HyperW7 Service; C:\Program Files\Lenovo\RapidBoot\HyperW7Svc64.exe [2011-07-08 144232]
S4 IBMPMSVC;ThinkPad PM Service; C:\Windows\system32\ibmpmsvc.exe [2011-08-11 45928]
S4 jhi_service;Intel(R) Identity Protection Technology Host Interface Service; C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe [2011-02-24 212944]
S4 LENOVO.CAMMUTE;Lenovo Camera Mute; C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe [2011-07-22 41832]
S4 LENOVO.MICMUTE;Lenovo Microphone Mute; C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe [2011-07-12 101736]
S4 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction; C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe [2011-07-22 60264]
S4 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [2011-07-12 133992]
S4 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2011-02-22 326168]
S4 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2011-09-22 58345832]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service; c:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976]
S4 MyWiFiDHCPDNS;Wireless PAN DHCP Server; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-07-27 340240]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S4 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2009-11-19 4925184]
S4 Power Manager DBC Service;Power Manager DBC Service; C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [2011-12-01 89152]
S4 PSI_SVC_2;Protexis Licensing V2; C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe [2010-03-11 193824]
S4 PwmEWSvc;Cisco EnergyWise Enabler; C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE [2011-12-01 175168]
S4 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [2011-07-27 844560]
S4 ServiceLayer;ServiceLayer; C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [2012-01-04 718888]
S4 sftlist;Application Virtualization Client; C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2009-12-02 483688]
S4 sftvsa;Application Virtualization Service Agent; C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2009-12-02 209768]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS); c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-09-22 431464]
S4 SQLBrowser;SQL Server Browser; c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2011-09-22 255336]
S4 SQLWriter;SQL Server VSS Writer; c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2011-09-22 154984]
S4 SROSVC;Screen Reading Optimizer Service Program; C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe [2011-09-01 446800]
S4 SUService;System Update; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [2011-07-25 28672]
S4 ThinkVantage Registry Monitor Service;ThinkVantage Registry Monitor Service; C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe [2010-12-11 1028096]
S4 TPHKLOAD;Lenovo Hotkey Client Loader; C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe [2011-07-12 145256]
S4 TPHKSVC;On Screen Display; C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe [2011-07-12 142696]
S4 TunngleService;TunngleService; C:\=PROGRAMY=\Tunngle\TnglCtrl.exe [2011-12-12 751464]
S4 TVT Backup Service;TVT Backup Service; C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrservice.exe [2010-12-11 1475896]
S4 UNS;Intel(R) Management and Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-02-22 2656280]
S4 VIPAppService;VIPAppService; C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe [2011-12-05 84080]
S4 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2011-10-09 1255736]

-----------------EOF-----------------

Peca
Visitor
Posts: 5
Registered: 14 Feb 2012 16:26

Re: win32/kryptik.bak

#2 Post by Peca »

In Safe Mode I can't start NOD (only the antivirus scan via the command line), so I tried to decipher it from the log. It looks like trojan.win32/Kryptik.bka (I got the suffix wrong) is in C:\Windows\explorer.exe, F:\Setup.exe and F:\gameservices.dll (F:\ is a virtual drive).
From the log:

Code:

E 4 2 0 \ H o n z a   íE    ěE     ü:F ÷	      śE     ľN (   F : \ G a m e S e r v i c e s . d l l   ÂE    ÁE    E  4  OC NN 4   @ T r o j a n . W i n 3 2 / K r y p t i k . B K A   MN 4   @ T r o j a n . W i n 3 2 / K r y p t i k . B K A   ‰E    ÄN    F : \ S e t u p . e x e   Č2E    ęE € ŔE    żE   şE     ĂE  E     A     ÜĎ‹cˇ  $        çž^kOęĚ             q  îN    E 4 2 0 \ H o n z a   íE    ěE     ü:F ů      śE     ľN (   F : \ G a m e S e r v i c e s . d l l   ÂE    ÁE    E  4  OC NN 4   @ T r o j a n . W i n 3 2 / K r y p t i k . B K A   MN 4   @ T r o j a n . W i n 3 2 / K r y p t i k . B K A   ‰E    ÄN    F : \ S e t u p . e x e   Č2E    ęE € ŔE    żE   şE     ĂE  E     A     ÜĎ‹c·  $        ŐRšqOęĚ              ‡  îN    E 4 2 0 \ H o n z a   íE    ěE     ü:F Ş      śE     ľN (   F : \ g a m e s e r v i c e s . d l l   ÂE    ÁE    E  4  OC NN 4   @ T r o j a n . W i n 3 2 / K r y p t i k . B K A   MN 4   @ T r o j a n . W i n 3 2 / K r y p t i k . B K A   ‰E    ÄN 0   C : \ W i n d o w s \ e x p l o r e r . e x e   Č2E    ęE € ŔE    żE   şE     ĂE  E     A 

Peca
Visitor
Posts: 5
Registered: 14 Feb 2012 16:26

Re: win32/kryptik.bak

#3 Post by Peca »

Code:

MBRScan v1.1.1

OS             : Windows 7 Service Pack 1 (64 bit)
PROCESSOR      : Intel64 Family 6 Model 42 Stepping 7, GenuineIntel
BOOT           : Safe Boot
DATE           : 2012/02/14 (ISO 8601) at 19:06:58
________________________________________________________________________________

DISK           : Device\Harddisk0\DR0 __ST950042 0AS (0003)
BUS_TYPE       : (0x03)  P-ATA
USE_PIO        : NO
MAX_TRANSFER   : 128 Kb
ALIGNMENT_MASK : word aligned
________________________________________________________________________________

DISK           : Device\Harddisk1\DR7 __Kingston DataTraveler 102 (8.20)
BUS_TYPE       : (0x07)  USB
USE_PIO        : NO
MAX_TRANSFER   : 64 Kb
ALIGNMENT_MASK : byte aligned
________________________________________________________________________________

Device\Harddisk0\DR0	465.8 Go  [Fixed] ==> Lenovo boot sector .

MBR_MD5   : C56B513D2B31A9F0578DC17EC1BD227A
MBR_SHA1  : 65F8C86F373B188E1A34231535A05C4BD4209270

Device\Harddisk0\Partition1	1.17 Go  	0x07 NTFS / HPFS __ BOOTABLE __
Device\Harddisk0\Partition2	452.9 Go  	0x07 NTFS / HPFS
Device\Harddisk0\Partition3	11.72 Go  	0x07 NTFS / HPFS
________________________________________________________________________________

Device\Harddisk1\DR7	1.85 Go  [Removable] ==> Unknown MBR Code

MBR_MD5   : 7FEFAA847781FBCEF6BE22DBFF350EDD
MBR_SHA1  : BE3B629B4374B30D5D103314BE8211E375C494D3

Device\Harddisk1\Partition1	1.84 Go  	0x0B FAT32 [CHS] 
________________________________________________________________________________

############################### Additional scan ################################

DRIVER  : C:\Windows\system32\hal.dll => Invisible on the disk
ADDRESS : 0x027FB000
SIZE    : 292.0 Ko

DRIVER  : C:\Windows\system32\kdcom.dll => Invisible on the disk
ADDRESS : 0x00BA6000
SIZE    : 40.0 Ko

DRIVER  : C:\Windows\system32\mcupdate_GenuineIntel.dll => Invisible on the disk
ADDRESS : 0x00CA0000
SIZE    : 316.0 Ko

DRIVER  : C:\Windows\system32\CLFS.SYS => Invisible on the disk
ADDRESS : 0x00D03000
SIZE    : 376.0 Ko

DRIVER  : C:\Windows\system32\CI.dll => Invisible on the disk
ADDRESS : 0x00EFC000
SIZE    : 768.0 Ko

DRIVER  : C:\Windows\system32\drivers\Wdf01000.sys => Invisible on the disk
ADDRESS : 0x00E00000
SIZE    : 656.0 Ko

DRIVER  : C:\Windows\system32\drivers\WDFLDR.SYS => Invisible on the disk
ADDRESS : 0x00EA4000
SIZE    : 60.0 Ko

DRIVER  : C:\Windows\system32\drivers\ACPI.sys => Invisible on the disk
ADDRESS : 0x00D61000
SIZE    : 348.0 Ko

DRIVER  : C:\Windows\system32\drivers\WMILIB.SYS => Invisible on the disk
ADDRESS : 0x00EB3000
SIZE    : 36.0 Ko

DRIVER  : C:\Windows\system32\drivers\msisadrv.sys => Invisible on the disk
ADDRESS : 0x00EBC000
SIZE    : 40.0 Ko

DRIVER  : C:\Windows\system32\drivers\pci.sys => Invisible on the disk
ADDRESS : 0x00EC6000
SIZE    : 204.0 Ko

DRIVER  : C:\Windows\system32\drivers\vdrvroot.sys => Invisible on the disk
ADDRESS : 0x00FBC000
SIZE    : 52.0 Ko

DRIVER  : C:\Windows\System32\drivers\partmgr.sys => Invisible on the disk
ADDRESS : 0x00FC9000
SIZE    : 84.0 Ko

DRIVER  : C:\Windows\system32\drivers\compbatt.sys => Invisible on the disk
ADDRESS : 0x00FDE000
SIZE    : 36.0 Ko

DRIVER  : C:\Windows\system32\drivers\BATTC.SYS => Invisible on the disk
ADDRESS : 0x00FE7000
SIZE    : 48.0 Ko

DRIVER  : C:\Windows\system32\drivers\volmgr.sys => Invisible on the disk
ADDRESS : 0x00DB8000
SIZE    : 84.0 Ko

DRIVER  : C:\Windows\System32\drivers\volmgrx.sys => Invisible on the disk
ADDRESS : 0x00C00000
SIZE    : 368.0 Ko

DRIVER  : C:\Windows\System32\drivers\mountmgr.sys => Invisible on the disk
ADDRESS : 0x00C5C000
SIZE    : 104.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\iaStor.sys => Invisible on the disk
ADDRESS : 0x01067000
SIZE    : 1.33 Mo

DRIVER  : C:\Windows\system32\drivers\atapi.sys => Invisible on the disk
ADDRESS : 0x011BB000
SIZE    : 36.0 Ko

DRIVER  : C:\Windows\system32\drivers\ataport.SYS => Invisible on the disk
ADDRESS : 0x011C4000
SIZE    : 168.0 Ko

DRIVER  : C:\Windows\system32\drivers\msahci.sys => Invisible on the disk
ADDRESS : 0x011EE000
SIZE    : 44.0 Ko

DRIVER  : C:\Windows\system32\drivers\PCIIDEX.SYS => Invisible on the disk
ADDRESS : 0x01000000
SIZE    : 64.0 Ko

DRIVER  : C:\Windows\system32\drivers\amdxata.sys => Invisible on the disk
ADDRESS : 0x01010000
SIZE    : 44.0 Ko

DRIVER  : C:\Windows\system32\drivers\fltmgr.sys => Invisible on the disk
ADDRESS : 0x0101B000
SIZE    : 304.0 Ko

DRIVER  : C:\Windows\system32\drivers\fileinfo.sys => Invisible on the disk
ADDRESS : 0x00C76000
SIZE    : 80.0 Ko

DRIVER  : C:\Windows\System32\Drivers\Ntfs.sys => Invisible on the disk
ADDRESS : 0x01213000
SIZE    : 1.64 Mo

DRIVER  : C:\Windows\System32\Drivers\msrpc.sys => Invisible on the disk
ADDRESS : 0x01498000
SIZE    : 376.0 Ko

DRIVER  : C:\Windows\System32\Drivers\ksecdd.sys => Invisible on the disk
ADDRESS : 0x014F6000
SIZE    : 108.0 Ko

DRIVER  : C:\Windows\System32\Drivers\cng.sys => Invisible on the disk
ADDRESS : 0x01511000
SIZE    : 456.0 Ko

DRIVER  : C:\Windows\System32\drivers\pcw.sys => Invisible on the disk
ADDRESS : 0x01583000
SIZE    : 68.0 Ko

DRIVER  : C:\Windows\System32\Drivers\Fs_Rec.sys => Invisible on the disk
ADDRESS : 0x01594000
SIZE    : 40.0 Ko

DRIVER  : C:\Windows\system32\drivers\ndis.sys => Invisible on the disk
ADDRESS : 0x0163C000
SIZE    : 972.0 Ko

DRIVER  : C:\Windows\system32\drivers\NETIO.SYS => Invisible on the disk
ADDRESS : 0x0172F000
SIZE    : 384.0 Ko

DRIVER  : C:\Windows\System32\Drivers\ksecpkg.sys => Invisible on the disk
ADDRESS : 0x0178F000
SIZE    : 172.0 Ko

DRIVER  : C:\Windows\System32\drivers\tcpip.sys => Invisible on the disk
ADDRESS : 0x01866000
SIZE    : 2.02 Mo

DRIVER  : C:\Windows\System32\drivers\fwpkclnt.sys => Invisible on the disk
ADDRESS : 0x01A6A000
SIZE    : 296.0 Ko

DRIVER  : C:\Windows\system32\drivers\volsnap.sys => Invisible on the disk
ADDRESS : 0x01AB4000
SIZE    : 304.0 Ko

DRIVER  : C:\Windows\System32\DRIVERS\ApsHM64.sys => Invisible on the disk
ADDRESS : 0x01B00000
SIZE    : 40.0 Ko

DRIVER  : C:\Windows\System32\drivers\rdyboost.sys => Invisible on the disk
ADDRESS : 0x01B12000
SIZE    : 232.0 Ko

DRIVER  : C:\Windows\System32\DRIVERS\Apsx64.sys => Invisible on the disk
ADDRESS : 0x01B4C000
SIZE    : 152.0 Ko

DRIVER  : C:\Windows\System32\Drivers\mup.sys => Invisible on the disk
ADDRESS : 0x01B72000
SIZE    : 72.0 Ko

DRIVER  : C:\Windows\System32\drivers\hwpolicy.sys => Invisible on the disk
ADDRESS : 0x01B84000
SIZE    : 36.0 Ko

DRIVER  : C:\Windows\System32\DRIVERS\fvevol.sys => Invisible on the disk
ADDRESS : 0x01B8D000
SIZE    : 232.0 Ko

DRIVER  : C:\Windows\system32\drivers\disk.sys => Invisible on the disk
ADDRESS : 0x01BC7000
SIZE    : 88.0 Ko

DRIVER  : C:\Windows\system32\drivers\CLASSPNP.SYS => Invisible on the disk
ADDRESS : 0x01800000
SIZE    : 192.0 Ko

DRIVER  : C:\Windows\System32\Drivers\Null.SYS => Invisible on the disk
ADDRESS : 0x02BDB000
SIZE    : 36.0 Ko

DRIVER  : C:\Windows\System32\Drivers\Beep.SYS => Invisible on the disk
ADDRESS : 0x02BE4000
SIZE    : 28.0 Ko

DRIVER  : C:\Windows\System32\drivers\vga.sys => Invisible on the disk
ADDRESS : 0x041B8000
SIZE    : 56.0 Ko

DRIVER  : C:\Windows\System32\drivers\VIDEOPRT.SYS => Invisible on the disk
ADDRESS : 0x041C6000
SIZE    : 148.0 Ko

DRIVER  : C:\Windows\System32\drivers\watchdog.sys => Invisible on the disk
ADDRESS : 0x041EB000
SIZE    : 64.0 Ko

DRIVER  : C:\Windows\System32\Drivers\Msfs.SYS => Invisible on the disk
ADDRESS : 0x03000000
SIZE    : 44.0 Ko

DRIVER  : C:\Windows\System32\Drivers\Npfs.SYS => Invisible on the disk
ADDRESS : 0x02A27000
SIZE    : 68.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\HECIx64.sys => Invisible on the disk
ADDRESS : 0x02A38000
SIZE    : 68.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\usbehci.sys => Invisible on the disk
ADDRESS : 0x02A49000
SIZE    : 68.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\USBPORT.SYS => Invisible on the disk
ADDRESS : 0x0159E000
SIZE    : 344.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\HDAudBus.sys => Invisible on the disk
ADDRESS : 0x02A00000
SIZE    : 144.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\risdxc64.sys => Invisible on the disk
ADDRESS : 0x0183E000
SIZE    : 120.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\ibmpmdrv.sys => Invisible on the disk
ADDRESS : 0x02A5A000
SIZE    : 52.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\i8042prt.sys => Invisible on the disk
ADDRESS : 0x01BDD000
SIZE    : 120.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\kbdclass.sys => Invisible on the disk
ADDRESS : 0x02BEB000
SIZE    : 60.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\SynTP.sys => Invisible on the disk
ADDRESS : 0x01400000
SIZE    : 408.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\USBD.SYS => Invisible on the disk
ADDRESS : 0x0300B000
SIZE    : 8.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\mouclass.sys => Invisible on the disk
ADDRESS : 0x017BA000
SIZE    : 60.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\cdrom.sys => Invisible on the disk
ADDRESS : 0x017C9000
SIZE    : 168.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\blbdrive.sys => Invisible on the disk
ADDRESS : 0x01600000
SIZE    : 68.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\CompositeBus.sys => Invisible on the disk
ADDRESS : 0x01611000
SIZE    : 64.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\mssmbios.sys => Invisible on the disk
ADDRESS : 0x02A67000
SIZE    : 44.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\termdd.sys => Invisible on the disk
ADDRESS : 0x01621000
SIZE    : 80.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\swenum.sys => Invisible on the disk
ADDRESS : 0x0300D000
SIZE    : 8.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\ks.sys => Invisible on the disk
ADDRESS : 0x013B6000
SIZE    : 268.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\dtsoftbus01.sys => Invisible on the disk
ADDRESS : 0x02C20000
SIZE    : 280.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\umbus.sys => Invisible on the disk
ADDRESS : 0x02C66000
SIZE    : 72.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\usbhub.sys => Invisible on the disk
ADDRESS : 0x02C78000
SIZE    : 360.0 Ko

DRIVER  : C:\Windows\System32\Drivers\crashdmp.sys => Invisible on the disk
ADDRESS : 0x02CD2000
SIZE    : 56.0 Ko

DRIVER  : C:\Windows\System32\Drivers\dump_iaStor.sys => Invisible on the disk
ADDRESS : 0x02A72000
SIZE    : 1.33 Mo

DRIVER  : C:\Windows\System32\Drivers\dump_dumpfve.sys => Invisible on the disk
ADDRESS : 0x02CE0000
SIZE    : 76.0 Ko

DRIVER  : C:\Windows\System32\win32k.sys => Invisible on the disk
ADDRESS : 0x000B0000
SIZE    : 3.08 Mo

DRIVER  : C:\Windows\System32\drivers\Dxapi.sys => Invisible on the disk
ADDRESS : 0x02CF3000
SIZE    : 48.0 Ko

DRIVER  : C:\Windows\System32\drivers\dxg.sys => Invisible on the disk
ADDRESS : 0x00530000
SIZE    : 120.0 Ko

DRIVER  : C:\Windows\System32\TSDDD.dll => Invisible on the disk
ADDRESS : 0x006F0000
SIZE    : 40.0 Ko

DRIVER  : C:\Windows\System32\framebuf.dll => Invisible on the disk
ADDRESS : 0x008E0000
SIZE    : 36.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\usbccgp.sys => Invisible on the disk
ADDRESS : 0x02D1A000
SIZE    : 116.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\hidusb.sys => Invisible on the disk
ADDRESS : 0x02D37000
SIZE    : 56.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\HIDCLASS.SYS => Invisible on the disk
ADDRESS : 0x02D45000
SIZE    : 100.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\HIDPARSE.SYS => Invisible on the disk
ADDRESS : 0x02D5E000
SIZE    : 36.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\Amusbx64.sys => Invisible on the disk
ADDRESS : 0x02D67000
SIZE    : 36.0 Ko

DRIVER  : C:\Windows\System32\Drivers\fastfat.SYS => Invisible on the disk
ADDRESS : 0x02D70000
SIZE    : 216.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\USBSTOR.SYS => Invisible on the disk
ADDRESS : 0x02DA6000
SIZE    : 108.0 Ko

DRIVER  : C:\Windows\System32\smss.exe => Invisible on the disk
ADDRESS : 0x47F40000
SIZE    : 128.0 Ko

Device\Harddisk0\DR0 => 7 MBR Code found in sector 8
BCD EmsSettings {0CE4991B-E6B3-4B16-B23C-5E0D9250E5D9} => BcdLibraryBoolean_EmsEnabled (16000020)

SystemStartOptions :  NOEXECUTE=OPTIN  SAFEBOOT:MINIMAL  SOS  BOOTLOG  NOGUIBOOT  BOOTLOGO

________________________________________________________________________________

_______MBR   \Device\Harddisk0\DR0  


_______MBR   \Device\Harddisk1\DR7  



c:\windows\PFRO.log
c:\windows\system32\Thumbs.db
c:\windows\SysWow64\tmpE1D6.tmp
c:\windows\SysWow64\tmpE234.tmp
Q:\Autorun.inf
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-01-14 do 2012-02-14 )))))))))))))))))))))))))))))))
.
.
2012-02-14 18:14 . 2012-02-14 18:14 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-13 20:45 . 2012-02-13 20:45 -------- d-----w- C:\rsit
2012-02-13 20:45 . 2012-02-13 20:45 -------- d-----w- c:\program files\trend micro
2012-02-13 19:40 . 2012-02-13 20:06 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-02-13 19:40 . 2012-02-13 19:47 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-02-13 13:05 . 2012-02-13 13:05 -------- d-----w- c:\users\Honza\AppData\Local\ESET
2012-02-10 12:39 . 2012-02-13 09:17 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{94E927DF-D08D-4D91-B2C1-170CAAE5FB13}\offreg.dll
2012-02-10 09:02 . 2012-01-06 05:15 8602168 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{94E927DF-D08D-4D91-B2C1-170CAAE5FB13}\mpengine.dll
2012-02-07 17:12 . 2012-02-07 17:12 -------- d-----w- c:\program files\TPFanControl
2012-02-07 17:12 . 2006-10-13 02:21 16080 ----a-w- c:\windows\system32\drivers\TVicPort64.sys
2012-02-07 17:12 . 2005-03-30 11:11 53248 ----a-w- c:\windows\system\TVicPort.dll
2012-02-06 20:07 . 2012-02-06 20:07 -------- d-----w- c:\users\Honza\AppData\Local\Scientific Calculator
2012-02-06 20:03 . 2012-02-06 20:03 -------- d-----w- c:\users\Honza\AppData\Local\Color Picker
2012-02-06 19:58 . 2012-02-06 19:58 -------- d-----w- c:\users\Honza\AppData\Local\Artist's Sketchbook 1.65
2012-02-05 14:44 . 2012-02-05 14:44 -------- d-----w- c:\users\Honza\AppData\Local\Nokia
2012-02-05 14:44 . 2012-02-05 14:44 -------- d-----w- c:\users\Honza\AppData\Roaming\Nokia
2012-02-05 14:44 . 2012-02-05 14:47 -------- d-----w- c:\programdata\PC Suite
2012-02-05 14:43 . 2012-02-05 14:49 -------- d-----w- c:\users\Honza\AppData\Roaming\PC Suite
2012-02-05 14:43 . 2012-02-05 14:43 -------- d-----w- c:\programdata\Nokia
2012-02-05 14:43 . 2012-02-05 14:43 -------- d-----w- c:\program files (x86)\Common Files\Nokia
2012-02-05 14:42 . 2008-08-28 10:44 25600 ----a-w- c:\windows\system32\drivers\pccsmcfdx64.sys
2012-02-05 14:42 . 2012-02-05 14:42 -------- dc----w- c:\windows\system32\DRVSTORE
2012-02-05 14:42 . 2012-02-05 14:42 -------- d-----w- c:\program files (x86)\PC Connectivity Solution
2012-02-05 14:42 . 2011-11-01 09:07 57856 ----a-w- c:\windows\system32\nmwcdclsX64.dll
2012-02-05 14:41 . 2012-02-05 14:43 -------- d-----w- c:\program files (x86)\Nokia
2012-02-02 19:22 . 2012-02-03 15:10 -------- d-----w- c:\programdata\Tunngle
2012-02-02 19:22 . 2012-02-02 20:18 -------- d-----w- c:\users\Honza\AppData\Roaming\Tunngle
2012-02-02 19:22 . 2009-09-16 06:02 31232 ----a-w- c:\windows\system32\drivers\tap0901t.sys
2012-01-30 09:53 . 2012-01-30 10:09 -------- d-----w- c:\users\Honza\AppData\Local\Temporary Projects
2012-01-24 15:23 . 2012-01-25 14:30 -------- d-----w- c:\users\Honza\AppData\Local\Unity
2012-01-16 14:32 . 2012-01-16 14:32 -------- d-----w- c:\users\Honza\AppData\Local\FreePascal
2012-01-16 14:31 . 2012-01-29 16:56 -------- d-----w- C:\FPC
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-12 17:45 . 2011-10-10 17:19 282864 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-02-12 17:45 . 2011-10-09 11:46 282864 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-02-12 17:44 . 2011-10-09 11:46 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-01-26 23:52 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-01-25 14:46 . 2011-10-09 13:27 188128 ----a-w- c:\programdata\Microsoft\VCSExpress\10.0\1033\ResourceCache.dll
2012-01-22 13:02 . 2011-10-09 11:46 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-01-10 20:06 . 2012-01-10 20:07 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-12-05 18:19 . 2011-10-09 10:08 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-12-01 02:05 . 2011-09-03 10:17 527424 ------w- c:\windows\PWMBTHLV.EXE
2011-12-01 02:05 . 2011-09-03 10:17 14960 ----a-w- c:\windows\system32\drivers\TPPWR64V.SYS
2011-12-01 02:05 . 2011-09-03 10:17 1036352 ----a-w- c:\windows\system32\PWMCP64V.cpl
2011-11-24 04:52 . 2011-12-13 18:30 3145216 ----a-w- c:\windows\system32\win32k.sys
2011-11-19 14:58 . 2012-01-11 16:25 77312 ----a-w- c:\windows\system32\packager.dll
2011-11-19 14:01 . 2012-01-11 16:25 67072 ----a-w- c:\windows\SysWow64\packager.dll
2011-11-17 06:49 . 2012-01-11 16:25 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2011-11-17 06:49 . 2012-01-11 16:25 152432 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2011-11-17 06:44 . 2012-01-11 16:25 459232 ----a-w- c:\windows\system32\drivers\cng.sys
2011-11-17 06:41 . 2012-01-11 16:25 1731920 ----a-w- c:\windows\system32\ntdll.dll
2011-11-17 06:35 . 2012-01-11 16:25 395776 ----a-w- c:\windows\system32\webio.dll
2011-11-17 06:35 . 2012-01-11 16:25 29184 ----a-w- c:\windows\system32\sspisrv.dll
2011-11-17 06:35 . 2012-01-11 16:25 136192 ----a-w- c:\windows\system32\sspicli.dll
2011-11-17 06:35 . 2012-01-11 16:25 340992 ----a-w- c:\windows\system32\schannel.dll
2011-11-17 06:35 . 2012-01-11 16:25 28160 ----a-w- c:\windows\system32\secur32.dll
2011-11-17 06:35 . 2012-01-11 16:25 1447936 ----a-w- c:\windows\system32\lsasrv.dll
2011-11-17 06:33 . 2012-01-11 16:25 31232 ----a-w- c:\windows\system32\lsass.exe
2011-11-17 05:38 . 2012-01-11 16:25 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll
2011-11-17 05:35 . 2012-01-11 16:25 314880 ----a-w- c:\windows\SysWow64\webio.dll
2011-11-17 05:34 . 2012-01-11 16:25 224768 ----a-w- c:\windows\SysWow64\schannel.dll
2011-11-17 05:34 . 2012-01-11 16:25 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2011-11-17 05:28 . 2012-01-11 16:25 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Honza\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Honza\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Honza\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
.
R2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [x]
R3 AMPPALP;Protokol Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed;c:\windows\system32\DRIVERS\amppal.sys [x]
R3 PCDSRVC{127174DC-C366ED8B-06020200}_0;PCDSRVC{127174DC-C366ED8B-06020200}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\pc-doctor\pcdsrvc_x64.pkms [2011-06-27 25584]
R3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
R3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
R3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
R3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
R4 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-08-08 1166848]
R4 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-06-03 134928]
R4 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R4 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R4 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-02-28 821664]
R4 CxAudMsg;Conexant Audio Message Service;c:\windows\system32\CxAudMsg64.exe [x]
R4 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2011-09-08 974944]
R4 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-03 136176]
R4 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-03 136176]
R4 HyperW7Svc;HyperW7 Service;c:\program files\Lenovo\RapidBoot\HyperW7Svc64.exe [2011-07-08 144232]
R4 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [2011-02-24 212944]
R4 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe [2011-07-22 41832]
R4 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2011-07-12 101736]
R4 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe [2011-07-22 60264]
R4 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [2011-07-12 133992]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976]
R4 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-07-27 340240]
R4 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2009-11-19 4925184]
R4 Power Manager DBC Service;Power Manager DBC Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [2011-12-01 89152]
R4 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE [2011-12-01 175168]
R4 RsFx0105;RsFx0105 Driver;c:\windows\system32\DRIVERS\RsFx0105.sys [x]
R4 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2009-12-02 483688]
R4 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2009-12-02 209768]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-09-22 431464]
R4 SROSVC;Screen Reading Optimizer Service Program;c:\program files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe [2011-09-01 446800]
R4 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [2011-07-12 145256]
R4 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2011-07-12 142696]
R4 TunngleService;TunngleService;c:\=programy=\Tunngle\TnglCtrl.exe [2011-12-12 751464]
R4 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-02-22 2656280]
R4 VIPAppService;VIPAppService;c:\program files (x86)\Symantec\VIP Access Client\VIPAppService.exe [2011-12-05 84080]
R4 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM64.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiifx64.sys [x]
S1 PHCORE;PHCORE;c:\program files\Lenovo\RapidBoot\PHCORE64.SYS [2011-07-08 32104]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [x]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
S2 risdxc;risdxc;c:\windows\system32\DRIVERS\risdxc64.sys [x]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 smihlp2;SMI Helper Driver (smihlp2);c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [2011-05-30 13128]
S2 TVicPort64;TVicPort64; [x]
S3 5U877;USB Video Device;c:\windows\system32\DRIVERS\5U877.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AMPPAL;Virtu?ln? adapt?r Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed;c:\windows\system32\DRIVERS\AMPPAL.sys [x]
S3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [x]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 NETwNs64;___ Ovladač adaptéru řady Intel(R) Wireless WiFi Link 5000 pro systém Windows 7 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys [x]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [x]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WS2IFSL
.
Obsah adresáře 'Naplánované úlohy'
.
2012-02-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-03 10:20]
.
2012-02-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-03 10:20]
.
2012-01-31 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PC-Doctor\uaclauncher.exe [2011-03-31 15:06]
.
2012-02-13 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\PC-Doctor\uaclauncher.exe [2011-03-31 15:06]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Honza\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Honza\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Honza\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Honza\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"combofix"="c:\combofix\CF4000.3XE" [2010-11-21 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Odeslat obrázek do zařízení &Bluetooth... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat stránku do zařízení &Bluetooth... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm
IE: WikiKomentáře Google... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
DPF: {816BE035-1450-40D0-8A3B-BA7825A83A77} - hxxp://support.lenovo.com/Resources/Lenovo/AutoDetect/Lenovo_AutoDetect2.cab
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
AddRemove-Battlelog Web Plugins - c:\program files (x86)\Battlelog Web Plugins\uninstall.exe
AddRemove-{6889EE56-1816-4E89-94DF-9F56E7804039}_is1 - c:\users\Honza\Desktop\cs\Valve\unins000.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{127174DC-C366ED8B-06020200}_0]
"ImagePath"="\??\c:\program files\pc-doctor\pcdsrvc_x64.pkms"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-973842406-3183785661-131700810-1001\Software\SecuROM\License information*]
"datasecu"=hex:44,f8,71,d1,3a,80,d6,12,02,89,62,aa,f5,d7,27,c3,d1,62,a5,15,73,
c3,71,07,0b,f3,c9,6a,6c,54,7d,92,2a,0f,b1,b9,fd,43,18,56,69,ed,9e,6e,d4,69,\
"rkeysecu"=hex:c5,89,01,fd,d3,22,2f,ca,a7,36,85,52,aa,9a,53,39
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\SysWOW64\PnkBstrA.exe
c:\windows\SysWOW64\SAsrv.exe
c:\program files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe
.
**************************************************************************
.
Celkový čas: 2012-02-14 19:19:16 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-02-14 18:19
.
Před spuštěním: Volných bajtů: 55 677 841 408
Po spuštění: Volných bajtů: 57 459 576 832
.
- - End Of File - - 9C74651E16B9CE5F6D864DDDCD03BBE1




After the ComboFix restart the system booted normally again, thanks for the help.

Peca
Visitor
Posts: 5
Registered: 14 Feb 2012 16:26

Re: win32/kryptik.bak

#4 Post by Peca »

No :-), thanks again for the help.

Peca
Visitor
Posts: 5
Registered: 14 Feb 2012 16:26

Re: win32/kryptik.bak

#5 Post by Peca »

Yep, everything works as it should.
Thanks for the help.
